DOCSLIB.ORG

Using Pitbull® Trusted Computing Platform to Solve Real-World Problems Presentation Outline 1

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Using Pitbull® Trusted Computing Platform to Solve Real-World Problems Presentation Outline 1 TM Using PitBull® Trusted Computing Platform to Solve Real-world Problems Presentation Outline 1. Introduction to PitBull 2. PitBull Mechanisms 3. Multilevel desktops 4. PitBull Use cases 5. More about PitBull 6. Q&A TM Introduction to PitBull TM What is PitBull? • PitBull is a General Dynamics Linux distribution based on RHEL 7 – PitBull is NOT something installable on top of an running Linux system • PitBull is used in server, workstation, and infrastructure configurations • PitBull has nothing to do with virtual machines or containers – however VMs and containers can be run on PitBull • PitBull has been in use for over 25 years – PitBull has been used by many commercial and defense customers TM What can PitBull do? • Provides extreme security – risk reduction, damage containment, attack vector blocking, user/admin controls • Enables complex architectures – including polyinstantiated, cross domain (CDS), and multilevel security (MLS) • Facilitates system evaluation and accreditation – designed for Protection Level 3 and Protection Level 4 (PL3 & PL4) – enforces security on all users and applications – included in multiple US accreditations with multiple accrediting agencies What PitBull isn’t • PitBull isn't encryption • PitBull isn't a firewall – but it does include advanced networking filtering • PitBull isn't intrusion detection – but it does include tools to detect changes to files • PitBull isn't virus scanning • PitBull isn't system hardening – but it does significantly harden a system How does PitBull do it? • PitBull uses kernel enhancements to implement mechanisms – mechanisms cannot be bypassed or shut down • PitBull does not use SELinux, VMs, or containers • PitBull uses attribute-based controls – there are no rule databases to analyze or maintain TM Compartmented Protection What Security PitBull Provides • Prevents any bug in any program from damaging the underlying system • Controls what network resources can be used by each program • Limits all user and administrator accounts • Enforces a security policy on a system of malicious software PitBull History • Technology development – Original technologies developed in 1990 (DIA/CMW) – Ported to 30+ operating systems from 1992 to 2012 – On Solaris 2.4 (1994) through Solaris 10 – First commercial installation: Credit Suisse (1997) – Over 50 commercial installations by 2005 in Europe, North America, Asia – AIX PitBull technology sold to IBM in 2005 • Ported to Red Hat Enterprise Linux (RHEL) in 2012 TM Evaluations and Accreditations • Evaluated under ITSEC to F-B1/E3 – 1996 and 1999; two certificates each – included networking and MLS GUI – evaluated on Solaris • Evaluated under Common Criteria – 2006 and 2007 LSPP/EAL4+ – evaluated on AIX • Included in accreditations to PL4 – Base for NSA/DIA TNE accreditation – Four configurations of MLS desktop Protection Levels: What They Really Mean Here is a description of what each PL means in practical terms and what kind of operating systems are needed for each level. Protecti Clearance/Approval Status Operating System on Level Everyone on the system is cleared and approved to No operating system requirements for any OS 1 see everything on the system security enforcement except for login Everyone on the system is cleared and approved to Standard commercial operating systems any well- 2 see everything on the system, but we want to limit with the ability to have users control configured access to some things by some users access to their own files OS Everyone on the system is cleared to see Standard commercial operating systems everything on the system, but not everyone is with strong configuration and extra tools 3 approved to see everything, so we must enforce a to limit access to files based on a need-to- formal need-to-know policy know policy Not everyone is cleared to see everything on the Operating systems that have a system, but the range of clearances is typically SEC “mandatory access control” (MAC) 4 with releasabilities or TS with compartments, but capability built into them to restrict access sometimes UNC-SEC or SEC-TS can be approved by users to files, networks, and other objects based on the users’ clearances Not everyone is cleared to see everything on the Operating systems that have MAC built system and the system can support essentially any into them plus are designed with high 5 collection of user clearances on the system assurance separation and hardening simultaneously Environments Ideal for PitBull Security • Electronic Commerce • Internet Banking • Financial Services • Multinational Commands • ASP/CSP/ISP Servers • Transaction Database Servers • Medical/Health Services • Secure Web Servers • PKI / Certificate Authorities • Trusted Firewalls TM PitBull Mechanisms TM PitBull’s Six Key Architecture Mechanisms 1) Compartmentalization (isolation) 2) Polyinstantiation (file system objects and network objects) 3) Unidirectional low-to-high data flow 4) Unidirectional high-to-low data flow 5) Immutable data storage 6) Roles and role-based access to executables 7) Highly restricted privilege model (no superuser/root) Note: these are all independent, orthogonal mechanisms that can be used together or separately Compartmentalization (isolation) 1) Collections of programs can be isolated in compartments • no interaction by networking, file systems, or IPC • doesn’t involve VMs, compartments, or chroot 2) Compartments can contain compartments • PitBull supports 4096 simple compartments • PitBull supports over 8 million duplex compartments 3) All processes and files can by managed using standard tools • system management can be relatively simple Polyinstantiation • Networking – multiple programs can simultaneously listen on the same port – network traffic is automatically routed to the appropriate process • File system – there can be multiple files with the same name in the same directory …a single installed program can be run multiple times simultaneously without having to reconfigure its networking and file system parameters Unidirectional low-to-high data flow 1) PitBull supports US DoD classifications, compartments, and releasabilities 2) Full multilevel security (MLS) using the Bell-LaPadula model • complete support for DoD PL4 3) Adding, deleting, and managing labeling components is simple • there are no rules or relationship databases 4) Enforced for *all* system components • file system, printers, GUI, networking, devices, etc. Unidirectional high-to-low data flow 1) Supports the Biba models for integrity controls 2) Protects high-integrity files and process from being corrupted by low-integrity users and processes 3) Can be used in conjunction with the low-to-high controls to create highly specified security policies and data flow controls Immutable data storage 1) PitBull adds the concept of operational vs configuration mode 2) File system objects can be marked to be immutable while the system is in operational mode • cannot be modified, moved, renamed, or deleted • there is no user, administrator, or role that can override this restriction • no process, no matter how privileged, can bypass this control 3) Referred to “trusted computing base” (TCB) on PitBull Roles and role-based access to executables 1) Any executable can be restricted to be run by only certain roles 2) Users can have zero or more roles • a user’s role can affect how an application or utility will run • privilege level can be determined by the role of the user • internal functionality can be different based on the role of the user • provides for multiple admin types and division of responsibility 3) PitBull has a “four-eyes” mechanism to enforce 2-person admin • at login, a user may have to wait for 2-person authorization Highly restricted privilege model 1) Superuser/root has been eliminated from the kernel 2) Fine-grained privileges can be assigned to programs and processes 3) PitBull has strong protections against privilege escalation • admin controls can override programmer controls • permanent, non-overridable limits to privilege escalation • comprehensive and meticulous algorithms for privileges on exec() Multilevel Desktops TM Multilevel Desktops • PitBull solves the multiple box problem • PitBull networking, OS, and X Window security create an integrated MLS desktop environment • Cut-and-paste between windows is fully supported – Can be limited based on roles of users Consolidating user hardware MLS From Desktop to OS to Network Example uses of a secure desktop • Simultaneous browser sessions securely open to internal and external web servers • External servers accessible for copying information into sensitive documents with no danger of system attack or data leakage to outside networks • Documents of different security levels simultaneously viewed and edited without danger of accidentally releasing restricted data • Using the system as a personal desktop while the system is supporting administrative and infrastructure services Example #1: Operating system protection This Word program can never damage the system or access unauthorized files. Markings are for demonstration purposes only Example #2: Network protection This PowerPoint session can access only the internal file server. This Word session cannot access any network. Markings are for demonstration purposes only Example #3: Application isolation These two applications are completely isolated and can never exchange data without user authorization. Markings are for demonstration purposes only PitBull Use Cases TM Use Case #1: Multidomain Servers • Multiple networks can
Load more

Recommended publications
  • The Road Ahead for Computing Systems
    56 JANUARY 2019 HiPEAC conference 2019 The road ahead for Valencia computing systems Monica Lam on keeping the web open Alberto Sangiovanni Vincentelli on building tech businesses Koen Bertels on quantum computing Tech talk 2030 contents 7 14 16 Benvinguts a València Monica Lam on open-source Starting and scaling a successful voice assistants tech business 3 Welcome 30 SME snapshot Koen De Bosschere UltraSoC: Smarter systems thanks to self-aware chips 4 Policy corner Rupert Baines The future of technology – looking into the crystal ball 33 Innovation Europe Sandro D’Elia M2DC: The future of modular microserver technology 6 News João Pita Costa, Ariel Oleksiak, Micha vor dem Berge and Mario Porrmann 14 HiPEAC voices 34 Innovation Europe ‘We are witnessing the creation of closed, proprietary TULIPP: High-performance image processing for linguistic webs’ embedded computers Monica Lam Philippe Millet, Diana Göhringer, Michael Grinberg, 16 HiPEAC voices Igor Tchouchenkov, Magnus Jahre, Magnus Peterson, ‘Do not think that SME status is the final game’ Ben Rodriguez, Flemming Christensen and Fabien Marty Alberto Sangiovanni Vincentelli 35 Innovation Europe 18 Technology 2030 Software for the big data era with E2Data Computing for the future? The way forward for Juan Fumero computing systems 36 Innovation Europe Marc Duranton, Madeleine Gray and Marcin Ostasz A RECIPE for HPC success 23 Technology 2030 William Fornaciari Tech talk 2030 37 Innovation Europe Solving heterogeneous challenges with the 24 Future compute special Heterogeneity Alliance
    [Show full text]
  • Fog Computing: a Platform for Internet of Things and Analytics
    Fog Computing: A Platform for Internet of Things and Analytics Flavio Bonomi, Rodolfo Milito, Preethi Natarajan and Jiang Zhu Abstract Internet of Things (IoT) brings more than an explosive proliferation of endpoints. It is disruptive in several ways. In this chapter we examine those disrup- tions, and propose a hierarchical distributed architecture that extends from the edge of the network to the core nicknamed Fog Computing. In particular, we pay attention to a new dimension that IoT adds to Big Data and Analytics: a massively distributed number of sources at the edge. 1 Introduction The “pay-as-you-go” Cloud Computing model is an efficient alternative to owning and managing private data centers (DCs) for customers facing Web applications and batch processing. Several factors contribute to the economy of scale of mega DCs: higher predictability of massive aggregation, which allows higher utilization with- out degrading performance; convenient location that takes advantage of inexpensive power; and lower OPEX achieved through the deployment of homogeneous compute, storage, and networking components. Cloud computing frees the enterprise and the end user from the specification of many details. This bliss becomes a problem for latency-sensitive applications, which require nodes in the vicinity to meet their delay requirements. An emerging wave of Internet deployments, most notably the Internet of Things (IoTs), requires mobility support and geo-distribution in addition to location awareness and low latency. We argue that a new platform is needed to meet these requirements; a platform we call Fog Computing [1]. We also claim that rather than cannibalizing Cloud Computing, F. Bonomi R.
    [Show full text]
  • NSA Security-Enhanced Linux (Selinux)
    Integrating Flexible Support for Security Policies into the Linux Operating System http://www.nsa.gov/selinux Stephen D. Smalley [email protected] Information Assurance Research Group National Security Agency ■ Information Assurance Research Group ■ 1 Outline · Motivation and Background · What SELinux Provides · SELinux Status and Adoption · Ongoing and Future Development ■ Information Assurance Research Group ■ 2 Why Secure the Operating System? · Information attacks don't require a corrupt user. · Applications can be circumvented. · Must process in the clear. · Network is too far. · Hardware is too close. · End system security requires a secure OS. · Secure end-to-end transactions requires secure end systems. ■ Information Assurance Research Group ■ 3 Mandatory Access Control · A ªmissing linkº of security in current operating systems. · Defined by three major properties: ± Administratively-defined security policy. ± Control over all subjects (processes) and objects. ± Decisions based on all security-relevant information. ■ Information Assurance Research Group ■ 4 Discretionary Access Control · Existing access control mechanism of current OSes. · Limited to user identity / ownership. · Vulnerable to malicious or flawed software. · Subject to every user©s discretion (or whim). · Only distinguishes admin vs. non-admin for users. · Only supports coarse-grained privileges for programs. · Unbounded privilege escalation. ■ Information Assurance Research Group ■ 5 What can MAC offer? · Strong separation of security domains · System, application, and data integrity · Ability to limit program privileges · Processing pipeline guarantees · Authorization limits for legitimate users ■ Information Assurance Research Group ■ 6 MAC Implementation Issues · Must overcome limitations of traditional MAC ± More than just Multi-Level Security / BLP · Policy flexibility required ± One size does not fit all! · Maximize security transparency ± Compatibility for applications and existing usage.
    [Show full text]
  • An Access Control Model for Preventing Virtual Machine Escape Attack
    future internet Article An Access Control Model for Preventing Virtual Machine Escape Attack Jiang Wu ,*, Zhou Lei, Shengbo Chen and Wenfeng Shen School of Computer Engineering and Science, Shanghai University, Shanghai 200444, China; [email protected] (Z.L.); [email protected] (S.C.); [email protected] (W.S.) * Correspondence: [email protected]; Tel: +86-185-0174-6348 Academic Editor: Luis Javier Garcia Villalba Received: 26 March 2017; Accepted: 23 May 2017; Published: 2 June 2017 Abstract: With the rapid development of Internet, the traditional computing environment is making a big migration to the cloud-computing environment. However, cloud computing introduces a set of new security problems. Aiming at the virtual machine (VM) escape attack, we study the traditional attack model and attack scenarios in the cloud-computing environment. In addition, we propose an access control model that can prevent virtual machine escape (PVME) by adapting the BLP (Bell-La Padula) model (an access control model developed by D. Bell and J. LaPadula). Finally, the PVME model has been implemented on full virtualization architecture. The experimental results show that the PVME module can effectively prevent virtual machine escape while only incurring 4% to 8% time overhead. Keywords: virtual security; virtual machine escape; access control; BLP model; PVME model 1. Introduction Cloud computing treats IT resources, data and applications as a service provided to the user through network, which is a change in the way of how data is modeled. Currently, the world’s leading IT companies have developed and published their own cloud strategies, such as Google, Amazon, and IBM.
    [Show full text]
  • Multilevel Security (MLS)
    Multilevel Security (MLS) Database Security and Auditing Multilevel Security (MLS) Definition and need for MLS – Security Classification – Secrecy-Based Mandatory Policies: Bell- LaPadula Model – Integrity-based Mandatory Policies: The Biba Model – Limitation of Mandatory Policies Hybrid Policies – The Chinese Wall Policy Definition and need for MLS Multilevel security involves a database in which the data stored has an associated classification and consequently constraints for their access MLS allows users with different classification levels to get different views from the same data MLS cannot allow downward leaking, meaning that a user with a lower classification views data stored with a higher classification Definition and need for MLS Usually multilevel systems are with the federal government Some private systems also have multilevel security needs MLS relation is split into several single-level relations, A recovery algorithm reconstructs the MLS relation from the decomposed single-level relations At times MLS updates cannot be completed because it would result in leakage or destruction of secret information Definition and need for MLS In relational model, relations are tables and relations consist of tuples (rows) and attributes (columns) Example: Consider the relation SOD(Starship, Objective, Destination) Starship Objective Destination Enterprise Exploration Talos Voyager Spying Mars Definition and need for MLS The relation in the example has no classification associated with it in a relational model The same example in MLS with
    [Show full text]
  • Multilevel Adaptive Security System
    Copyright Warning & Restrictions The copyright law of the United States (Title 17, United States Code) governs the making of photocopies or other reproductions of copyrighted material. Under certain conditions specified in the law, libraries and archives are authorized to furnish a photocopy or other reproduction. One of these specified conditions is that the photocopy or reproduction is not to be “used for any purpose other than private study, scholarship, or research.” If a, user makes a request for, or later uses, a photocopy or reproduction for purposes in excess of “fair use” that user may be liable for copyright infringement, This institution reserves the right to refuse to accept a copying order if, in its judgment, fulfillment of the order would involve violation of copyright law. Please Note: The author retains the copyright while the New Jersey Institute of Technology reserves the right to distribute this thesis or dissertation Printing note: If you do not wish to print this page, then select “Pages from: first page # to: last page #” on the print dialog screen The Van Houten library has removed some of the personal information and all signatures from the approval page and biographical sketches of theses and dissertations in order to protect the identity of NJIT graduates and faculty. ABSTRACT MULTILEVEL ADAPTIVE SECURITY SYSTEM by Hongwei Li Recent trends show increased demand for content-rich media such as images, videos and text in ad-hoc communication. Since such content often tends to be private, sensitive, or paid for, there exists a requirement for securing such information over resource constrained ad hoc networks.
    [Show full text]
  • Looking Back: Addendum
    Looking Back: Addendum David Elliott Bell Abstract business environment produced by Steve Walker’s Com- puter Security Initiative.3 The picture of computer and network security painted in What we needed then and what we need now are “self- my 2005 ACSAC paper was bleak. I learned at the con- less acts of security” that lead to strong, secure commercial ference that the situation is even bleaker than it seemed. products.4 Market-driven self-interest does not result in al- We connect our most sensitive networks to less-secure net- truistic product decisions. Commercial and government ac- works using low-security products, creating high-value tar- quisitions with tight deadlines are the wrong place to ex- gets that are extremely vulnerable to sophisticated attack or pect broad-reaching initiatives for the common good. Gov- subversion. Only systems of the highest security are suffi- ernment must champion selfless acts of security separately cient to thwart such attacks and subversions. The environ- from acquisitions. ment for commercial security products can be made healthy again. 3 NSA Has the Mission In 1981, the Computer Security Evaluation Center was 1 Introduction established at the National Security Agency (NSA). It was charged with publishing technical standards for evaluating In the preparation of a recent ACSAC paper [1], I con- trusted computer systems, with evaluating commercial and firmed my opinion that computer and network security is in GOTS products, and with maintaining an Evaluated Prod- sad shape. I also made the editorial decision to soft-pedal ucts List (EPL) of products successfully evaluated. NSA criticism of my alma mater, the National Security Agency.
    [Show full text]
  • A Dynamic Cloud Computing Platform for Ehealth Systems
    A Dynamic Cloud Computing Platform for eHealth Systems Mehdi Bahrami 1 and Mukesh Singhal 2 Cloud Lab University of California Merced, USA Email: 1 IEEE Senior Member, [email protected]; 2 IEEE Fellow, [email protected] Abstract— Cloud Computing technology offers new Application Programming Interface (API) could have some opportunities for outsourcing data, and outsourcing computation issue when the application transfer to a cloud computing system to individuals, start-up businesses, and corporations in health that needs to redefine or modify the security functions of the API care. Although cloud computing paradigm provides interesting, in order to use the cloud. Each cloud computing system offer and cost effective opportunities to the users, it is not mature, and own services to using the cloud introduces new obstacles to users. For instance, vendor lock-in issue that causes a healthcare system rely on a cloud Security Issue: Data security refers to accessibility of stored vendor infrastructure, and it does not allow the system to easily data to only authorized users, and network security refers to transit from one vendor to another. Cloud data privacy is another accessibility of transfer of data between two authorized users issue and data privacy could be violated due to outsourcing data through a network. Since cloud computing uses the Internet as to a cloud computing system, in particular for a healthcare system part of its infrastructure, stored data on a cloud is vulnerable to that archives and processes sensitive data. In this paper, we both a breach in data and network security. present a novel cloud computing platform based on a Service- Oriented cloud architecture.
    [Show full text]
  • In-Memory Computing Platform: Data Grid Deep Dive
    In-Memory Computing Platform: Data Grid Deep Dive Rachel Pedreschi Matt Sarrel Director of Solutions Architecture Director of Technical Marketing GridGain Systems GridGain Systems [email protected] [email protected] @rachelpedreschi @msarrel © 2016 GridGain Systems, Inc. GridGain Company Confidential Agenda • Introduction • In-Memory Computing • GridGain / Apache Ignite Overview • Survey Results • Data Grid Deep Dive • Customer Case Studies © 2016 GridGain Systems, Inc. Why In-Memory Now? Digital Transformation is Driving Companies Closer to Their Customers • Driving a need for real-time interactions Internet Traffic, Data, and Connected Devices Continue to Grow • Web-scale applications and massive datasets require in-memory computing to scale out and speed up to keep pace • The Internet of Things generates huge amounts of data which require real-time analysis for real world uses The Cost of RAM Continues to Fall • In-memory solutions are increasingly cost effective versus disk-based storage for many use cases © 2015 GridGain Systems, Inc. GridGain Company Confidential Why Now? Data Growth and Internet Scale Declining DRAM Cost Driving Demand Driving Attractive Economics Growth of Global Data 35. 26.3 17.5 ZettabytesData of 8.8 DRAM 0. Flash Disk 8 zettabytes in 2015 growing to 35 in 2020 Cost drops 30% every 12 months © 2016 GridGain Systems, Inc. The In-Memory Computing Technology Market Is Big — And Growing Rapidly IMC-Enabling Application Infrastructure ($M) © 2016 GridGain Systems, Inc. What is an In-Memory Computing Platform?
    [Show full text]
  • A Logical Specification and Analysis for Selinux MLS Policy
    A Logical Specification and Analysis for SELinux MLS Policy BONIFACE HICKS St. Vincent College and SANDRA RUEDA, LUKE ST.CLAIR, TRENT JAEGER, and PATRICK MCDANIEL The Pennsylvania State University The SELinux mandatory access control (MAC) policy has recently added a multilevel security (MLS) model which is able to express a fine granularity of control over a subject’s access rights. The problem is that the richness of the SELinux MLS model makes it impractical to manually evaluate that a given policy meets certain specific properties. To address this issue, we have modeled the SELinux MLS model, using a logical specification and implemented that specification in the Prolog language. Furthermore, we have developed some analyses for testing information flow properties of a given policy as well as an algorithm to determine whether one policy is compliant with another. We have implemented these analyses in Prolog and compiled our implementation into a tool for SELinux MLS policy analysis, called PALMS. Using PALMS, we verified some important properties of the SELinux MLS reference policy, namely that it satisfies the simple security condition and - property defined by Bell and LaPadula. We also evaluated whether the policy associated to a given application is compliant with the policy of the SELinux system in which it would be deployed. Categories and Subject Descriptors: K.6.5 [Management of Computing and Information Sys- tems]: Security and Protection; D.4.6 [Operating Systems]: Security and Protection—Informa- tion flow controls General Terms: Security, Languages, Verification Additional Key Words and Phrases: SELinux, multilevel security, policy compliance, policy analysis ACM Reference Format: Hicks, B., Rueda, S., St.
    [Show full text]
  • The FPGA As a Computing Platform
    X01_Introduction.qxp 3/15/2005 3:31 PM Page 1 CHAPTER 1 The FPGA as a Computing Platform As the cost per gate of FPGAs declines, embedded and high-performance sys- tems designers are being presented with new opportunities for creating accel- erated software applications using FPGA-based programmable hardware platforms. From a hardware perspective, these new platforms effectively bridge the gap between software programmable systems based on traditional microprocessors, and application-specific platforms based on custom hard- ware functions. From a software perspective, advances in design tools and methodology for FPGA-based platforms enable the rapid creation of hardware-accelerated algorithms. The opportunities presented by these programmable hardware plat- forms include creation of custom hardware functions by software engineers, later design freeze dates, simplified field updates, and the reduction or elimi- nation of custom chips from many categories of electronic products. Increas- ingly, systems designers are seeing the benefits of using FPGAs as the basis for applications that are traditionally in the domain of application-specific in- tegrated circuits (ASICs). As FPGAs have grown in logic capacity, their ability to host high-performance software algorithms and complete applications has grown correspondingly. In this chapter, we will present a brief overview of FPGAs and FPGA- based platforms and present the general philosophy behind using the C lan- guage for FPGA application development. Experienced FPGA users will find 1 X01_Introduction.qxp 3/15/2005 3:31 PM Page 2 2 The FPGA as a Computing Platform much of this information familiar, but nonetheless we hope you stay with us as we take the FPGA into new, perhaps unfamiliar territory: that of high-performance computing.
    [Show full text]
  • Computing Platforms Chapter 4
    Computing Platforms Chapter 4 COE 306: Introduction to Embedded Systems Dr. Abdulaziz Tabbakh Computer Engineering Department College of Computer Sciences and Engineering King Fahd University of Petroleum and Minerals [Adapted from slides of Dr. A. El-Maleh, COE 306, KFUPM] Next . Basic Computing Platforms The CPU bus Direct Memory Access (DMA) System Bus Configurations ARM Bus: AMBA 2.0 Memory Components Embedded Platforms Platform-Level Performance Computing Platforms COE 306– Introduction to Embedded System– KFUPM slide 2 Embedded Systems Overview Actuator Output Analog/Digital Sensor Input Analog/Digital CPU Memory Embedded Computer Computing Platforms COE 306– Introduction to Embedded System– KFUPM slide 3 Computing Platforms Computing platforms are created using microprocessors, I/O devices, and memory components A CPU bus is required to connect the CPU to other devices Software is required to implement an application Embedded system software is closely tied to the hardware Computing Platform: hardware and software Computing Platforms COE 306– Introduction to Embedded System– KFUPM slide 4 Computing Platform A typical computing platform includes several major hardware components: The CPU provides basic computational facilities. RAM is used for program and data storage. ROM holds the boot program and some permanent data. A DMA controller provides direct memory access capabilities. Timers are used by the operating system A high-speed bus, connected to the CPU bus through a bridge, allows fast devices to communicate efficiently with the rest of the system. A low-speed bus provides an inexpensive way to connect simpler devices and may be necessary for backward compatibility as well. Computing Platforms COE 306– Introduction to Embedded System– KFUPM slide 5 Platform Hardware Components Computer systems may have one or more bus Buses are classified by their overall performance: lows peed, high- speed.
    [Show full text]